On 10/21/23 17:28, Nilesh Patra wrote:
I have pushed a small change with reasoning to properly fix those. However, I have two questions to ask: * Why is the groupname of soju user names "ssl-cert" and not soju itself? * Do we expect a "ssl-group" to be commonly present in linux systems? If not (it isn't on mine), should it not be: - Created in d/postinst? -- There is no groupadd or --ingroup with adduser - Removed in d/postrm? -- no delgroup
The group is added by the "ssl-cert" package[0] package which soju has a Depends: on, and it's added as a supplementary group to the soju user and not as the primary group. That group generates self-signed TLS certificates that the package can use in the default configuration, instead of shipping a default configuration with a plaintext listener which is heavily discouraged by upstream and something I'd rather not do regardless.
[0]: https://tracker.debian.org/pkg/ssl-cert Taavi
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature